Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

Weekly Security Intelligence Briefing — Week of 2026-04-20

Briefing
og security news briefs
_ _ Tech Jacks Solutions_ 0 Comments

Executive Summary

The week of April 20, 2026 presents an exceptionally active threat landscape dominated by a converging supply chain crisis, nation-state escalation, and critical infrastructure targeting. The SCC pipeline processed 58 intelligence items this week, including 7 items on the CISA Known Exploited Vulnerabilities catalog, multiple critical-rated CVEs with active exploitation confirmed, and 4 nation-state campaigns requiring immediate attention. The most urgent development is the tripartite Vercel breach cluster: a Lumma Stealer infostealer compromised Context.ai credentials via an employee device, enabling OAuth-based access to Vercel’s internal infrastructure and exposure of environment variables across the Next.js, Turbopack, Supabase, Datadog, and Authkit ecosystems. Organizations using Vercel must treat all stored environment variables as compromised and rotate immediately. Compounding supply chain risk, DPRK cluster STARDUST CHOLLIMA (BlueNoroff) trojanized the Axios npm package on March 31, deploying cross-platform ZshBucket malware to the Node.js ecosystem with confirmed fintech and cryptocurrency sector targeting. Iran-affiliated threat actors have resumed ICS/OT operations following a 47-day communications blackout after Operation Epic Fury, now pivoting toward Rockwell Automation FactoryTalk and Allen-Bradley PLCs, while ZionSiphon malware targeting Israeli water infrastructure demonstrates live sabotage capability. Windows Defender privilege escalation zero-days RedSun and UnDefend remain unpatched with active exploitation confirmed, and the protobuf.js GHSA-xq3m-2v4x-88gg RCE with public PoC demands immediate developer action. CISA reduced advisory capacity due to a government shutdown warrants supplementing federal intelligence with sector ISAC and allied CERT feeds this week.

Critical Action Items

  1. DPRK Axios npm Trojan — ZshBucket Malware (STARDUST CHOLLIMA)
    Affected: All Node.js projects using Axios installed or updated around March 31, 2026. Immediately audit package-lock.json, yarn.lock, and pnpm-lock.yaml across all pipelines. Cross-reference installed Axios version hashes against the CrowdStrike advisory and Snyk advisory. Reimage any system confirmed to have executed a trojanized version. Rotate all credentials accessible to affected Node.js processes. Implement npm provenance verification in CI/CD. Source: CrowdStrike Advisory
  2. Vercel Breach — OAuth Supply Chain / Lumma Stealer (SCC-DBR-2026-0094, 0095, 0096)
    Affected: All Vercel customers with stored environment variables; Context.ai OAuth integrations. Log into Vercel dashboard immediately. Audit all project environment variables. Rotate every API key, OAuth token, database connection string, and CI/CD secret stored in Vercel. Revoke and regenerate tokens for Supabase, Datadog, Authkit, and connected services. Check Google Workspace OAuth audit logs for Context.ai grants and revoke. No KEV deadline; treat as active compromise.
  3. Windows Defender LPE Zero-Days — RedSun & UnDefend (Active Exploitation) + CVE-2026-33825 BlueHammer (CISA KEV)
    Affected: Windows 10, Windows 11, Windows Server 2019+. Apply April 2026 Patch Tuesday update for CVE-2026-33825 immediately. For RedSun and UnDefend (no patch available): enforce least privilege, remove local admin rights from standard users, deploy WDAC/AppLocker. Monitor Windows Event IDs 4672 and 4688 for SYSTEM-level privilege escalation. KEV status confirmed for CVE-2026-33825.
  4. MajorDoMo Unauthenticated RCE — CVE-2026-27174 & CVE-2026-27175 (CISA KEV)
    Affected: MajorDoMo (Major Domestic Module), all versions. Block all external access to /admin.php and /rc/index.php at the perimeter immediately. Search web logs for GET requests to /admin.php?ajax_panel=1&op=console&command=. Disable PHP console feature. Monitor for vendor patch release. CISA KEV confirmed.
  5. Fortinet FortiClient EMS Critical SQLi — CVE-2026-21643 (CISA KEV, Deadline April 16)
    Affected: FortiClient EMS 7.4.4 and 7.x branch. DEADLINE PASSED — verify patch status immediately. Apply Fortinet PSIRT patch. Restrict EMS management interface to trusted IP ranges. Audit EMS logs for SQL injection exploitation patterns. CISA KEV due date: 2026-04-16.
  6. Microsoft SharePoint Server Input Validation — CVE-2026-32201 (CISA KEV, Deadline April 28)
    Affected: Microsoft SharePoint Server. Apply April 2026 Patch Tuesday update. Restrict external access to SharePoint Server at the perimeter. Review SharePoint ULS and IIS logs for anomalous authentication and injection patterns. CISA KEV remediation deadline: 2026-04-28.
  7. protobuf.js Critical RCE — GHSA-xq3m-2v4x-88gg (Public PoC Available)
    Affected: protobufjs 7.x below 7.5.4, 8.x (verify patch status). Run npm ls protobufjs across all Node.js services. Upgrade to 7.5.4 or later. Restrict schema ingestion from untrusted sources at the API gateway layer immediately. Public PoC increases exploitation probability significantly.
  8. Iran-Affiliated ICS/OT Pivot — Rockwell Automation FactoryTalk / Allen-Bradley PLCs (CISA AA26-097A)
    Affected: Rockwell Automation FactoryTalk, Allen-Bradley PLCs; ~4,000 US-exposed industrial devices per Censys. Immediately remove all PLC and HMI management interfaces from internet exposure. Rotate all default credentials. Apply Rockwell Automation security advisories. Review CISA AA26-097A at https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a for IOCs and mitigations.

Key Security Stories

STARDUST CHOLLIMA (BlueNoroff/DPRK) Trojanizes Axios npm Package with Cross-Platform ZshBucket Malware

North Korea’s STARDUST CHOLLIMA cluster compromised the Axios npm package — one of the most widely downloaded HTTP client libraries in the Node.js ecosystem — by using stolen maintainer credentials to publish a trojanized version on approximately March 31, 2026. The malicious package deployed ZshBucket, a cross-platform backdoor with distinct payloads for Windows (PowerShell), macOS (AppleScript/osascript), and Linux (Python), and included a second-stage loader designated SILKBELL with active forensic evasion through postinstall-triggered self-cleanup. Command-and-control used JSON-formatted HTTP traffic to STARDUST CHOLLIMA infrastructure.

The attack is consistent with DPRK’s well-documented focus on cryptocurrency and fintech sector targets. The supply chain vector — compromising a trusted, widely-used open-source package rather than targeting individual organizations — maximizes blast radius and exploits the implicit trust developers place in package manager ecosystems. SILKBELL’s self-cleanup behavior makes forensic attribution and retroactive detection difficult, making the containment window after detection extremely narrow.

Security teams should treat any system that executed an Axios version published around March 31, 2026 as potentially compromised. Reimaging is preferred over in-place cleanup given SILKBELL’s evasion capability. Consult the CrowdStrike advisory at https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/ and Snyk advisory at https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/ for confirmed IOC hashes and C2 indicators. MITRE: T1195.001, T1195.002, T1059.001, T1059.006, T1059.002, T1041, T1543.

Vercel Breach Trilogy: Lumma Stealer, Context.ai OAuth Compromise, and CI/CD Credential Exposure

Three related SCC items this week detail a multi-stage supply chain attack affecting Vercel. The confirmed root cause is a Lumma Stealer infection on an employee’s personal device at Context.ai, an AI platform with Google Workspace OAuth integration to Vercel. The infostealer harvested session cookies and credentials, enabling threat actors to authenticate to Vercel via the trusted OAuth relationship and access internal systems, environment variables, and customer project data. Affected downstream services confirmed in reporting include Next.js, Turbopack, Supabase, Datadog, and Authkit. Threat actors have claimed the data is for sale.

The incident is a textbook supply chain attack exploiting trusted third-party relationships (MITRE T1199) combined with application access token abuse (T1550.001) and cloud storage data collection (T1530). The root control failures include: unmanaged personal devices authenticating to corporate SaaS without MDM/EDR enforcement; OAuth token persistence without anomaly detection or session binding; and sensitive secrets stored in platform environment variables without a dedicated secrets management solution. All three gaps are common and the combination is increasingly targeted by both criminal and nation-state actors.

Vercel has not released official IOCs as of this writing. Organizations should not treat the absence of IOCs as clearance — rotate all Vercel environment variables immediately and treat any data stored in or connected to Vercel’s internal systems as potentially exposed for risk assessment purposes. Apply NIST SP 800-53 controls AC-2, AC-6, IA-2, IA-5, SA-9, SR-3. This incident directly parallels the 2024 Snowflake campaign (ShinyHunters via infostealer credential theft) and the pattern shows no signs of slowing.

Iran-Affiliated Actors Resume ICS/OT Targeting After 47-Day Blackout; ZionSiphon Water Infrastructure Malware Analyzed

Following the disruption of Iranian cyber operations by Operation Epic Fury, connectivity was restored after a 47-day blackout and threat actors immediately pivoted to ICS/OT targeting. Confirmed targets include Rockwell Automation FactoryTalk instances and Allen-Bradley PLCs, with Palo Alto Cortex XDR and NGFW also named as targeted assets — suggesting adversary interest in blinding security tooling before escalating operations. Critical infrastructure sectors at highest risk include energy, utilities, food processing, and financial services. CISA Advisory AA26-097A provides the authoritative technical reference.

Concurrently, Darktrace published analysis of ZionSiphon, ICS malware targeting Israeli water treatment and desalination infrastructure. ZionSiphon communicates via Modbus, DNP3, and S7comm protocols and is capable of issuing unauthorized parameter modification commands (MITRE T0836, T0831, T0855) including direct manipulation of chemical dosing setpoints. The malware currently contains a logic flaw that prevents its destructive payload from executing reliably, but Darktrace researchers assess that this flaw is easily corrected. The operational implication is a narrow window during which the malware is detectable before a functional version enters circulation.

For water and critical infrastructure operators: review CISA ICS-CERT advisories at https://www.cisa.gov/ics-alerts, consult the Darktrace ZionSiphon analysis at https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems, and verify that Modbus/DNP3/S7comm traffic monitoring is active with baseline deviation alerting. MITRE ICS: T0813, T0816, T0831, T0836, T0843, T0853, T0855, T0856, T0866, T0883.

Windows Defender LPE Zero-Days Under Active Exploitation; KB5082063 April Update Causes Three Concurrent Failures

Two unpatched Windows Defender local privilege escalation zero-days, designated RedSun and UnDefend, are under confirmed active exploitation following PoC leak. UnDefend specifically targets the Defender update mechanism (MITRE T1562.001), blocking signature updates to blind endpoint protection before escalating privileges. CVE-2026-33825 (BlueHammer), a third LPE vulnerability in the same family, was patched in the April 2026 Patch Tuesday cycle and is confirmed on the CISA KEV catalog, indicating federal agencies observed exploitation. Private intelligence from Huntress has identified IOCs from at least one confirmed intrusion via a compromised VPN account.

Compounding the patching challenge, April 2026 Patch Tuesday update KB5082063 introduces three concurrent failure modes on Windows Server infrastructure: LSASS crash loops on domain controllers with PAM enabled, BitLocker recovery key prompts on Windows Server 2025 OS volumes, and silent installation failures (0x800F0983) on some Windows Server 2025 deployments. Organizations face a forced choice between known operational risk (deploying KB5082063 and potentially destabilizing domain controllers) and a known security risk (deferring and remaining exposed to actively exploited LPE vulnerabilities).

Recommended approach: prioritize BlueHammer (CVE-2026-33825) patching on workstations and non-PAM domain controllers first. For PAM-enabled domain controllers, stage carefully with pre-deployment domain controller redundancy verification and confirmed out-of-band BitLocker key accessibility. Escalate the RedSun/UnDefend gap to executive leadership as a documented risk acceptance decision requiring sign-off. Monitor the Microsoft Windows release health dashboard for out-of-band remediation of KB5082063 failures.

EssentialPlugin WordPress Supply Chain Compromise: Dormant Backdoor Activates Across 30+ Plugins

The EssentialPlugin suite (formerly WP Online Support) — encompassing over 30 WordPress plugins including sliders, galleries, WooCommerce extensions, and SEO tools — was confirmed as the subject of a supply chain compromise in which a dormant backdoor was activated across hundreds of thousands of combined active installations. The attack vector exploited the plugin acquisition pattern: a threat actor acquired the plugin portfolio and introduced malicious code that used an Ethereum blockchain RPC-based C2 resolution mechanism (MITRE T1102), specifically calling public JSON-RPC nodes such as Infura to obtain command-and-control addresses. The payload activates only on Googlebot user-agent requests, making browser-based detection impossible.

WordPress.org issued a forced update but did not perform the manual wp-config.php remediation required to fully eradicate the infection. Organizations running any EssentialPlugin/WP Online Support plugin must independently inspect and clean wp-config.php on each affected installation. The use of blockchain infrastructure for C2 resolution is a significant tradecraft evolution that evades traditional domain-based blocking and represents a technique defenders should build detection capability for.

Detection requires server-side access: fetch pages using a Googlebot user-agent string server-side and compare output against normal browser responses. Search the WordPress installation directory for wp-comments-posts.php in unexpected locations. Monitor web server process outbound connections for calls to Ethereum JSON-RPC endpoints — this is highly anomalous for a web server and constitutes a high-confidence indicator. Review mySites.guru and anchor.host analyses for additional technical detail.

Frontier AI Crosses Vulnerability Discovery Threshold: Anthropic Claude Mythos, Project Glasswing, and CrowdStrike Partnership

Anthropic’s Claude Mythos Preview model has crossed a capability threshold in vulnerability research, reportedly discovering novel zero-days in major operating systems and browsers as part of Project Glasswing — a coordinated responsible disclosure coalition that includes CrowdStrike as a founding member. This represents the first publicly confirmed case of a frontier AI model autonomously discovering previously unknown vulnerabilities in production software at a quality sufficient to warrant coordinated disclosure. The security implication is bidirectional: the same capability accelerates defensive vulnerability discovery and is now available as a capability tier for well-resourced threat actors, particularly state-sponsored groups (China, Iran, North Korea, Russia named by Anthropic and CrowdStrike).

Concurrently, CVE-2026-30623 affects Anthropic’s Model Context Protocol (MCP) across all pre-patch implementations with 150M+ cumulative ecosystem downloads. The vulnerability is architectural in nature, affecting the protocol’s tool invocation and context-passing mechanisms. A critical CVE (CVSS 9.0) in a protocol this widely deployed represents a meaningful supply chain risk for organizations that have integrated MCP into development or security workflows.

The operational implication for security teams is a required update to threat models and patch prioritization frameworks. The assumption that AI-assisted vulnerability discovery remains a defender-exclusive advantage should now be retired. Defenders should monitor Project Glasswing announcements via Anthropic and CrowdStrike for disclosed zero-days, accelerate patch deployment SLAs for browser and OS vulnerabilities, and audit AI integration credentials and access scopes in their security tooling. MCP patch status should be verified via the Anthropic advisory and NVD entry for CVE-2026-30623.

Dependabot and Renovate Abused as Malware Delivery Vectors; Typosquatting Campaign Exploits Auto-Merge

Threat actors are actively exploiting automated dependency management tools — specifically GitHub Dependabot and Mend Renovate — as a malware delivery vector by introducing typosquatted malicious packages that these tools propose for automatic installation. When organizations have auto-merge enabled for bot-proposed dependency updates, a malicious package can traverse the full CI/CD pipeline without human review. The attack exploits the implicit trust organizations extend to automation tools and the practical difficulty of reviewing every dependency update proposal at scale.

This week also saw a related campaign involving 108 coordinated malicious Chrome extensions sharing a single C2 server at 144.126.135[.]238, exfiltrating OAuth2 tokens and Telegram session cookies from Google, YouTube, TikTok, and crypto platform accounts. The coordination infrastructure suggests a single threat actor operating a credential harvesting operation at scale. IOC confidence for the C2 IP is medium pending primary source verification; apply to test environment before production blocking.

Immediate actions: disable auto-merge on all Dependabot and Renovate pull requests. Implement a minimum-age policy for new package versions (reject packages published less than 7 days ago). Add CODEOWNERS rules requiring human review on all dependency update PRs. Query GitHub Audit Logs filtered on actor:dependabot[bot] for auto-merged PRs without human approval in the last 30 days. For Chrome extension exposure: audit installed extensions via Google Admin Console, enforce an extension allowlist via Chrome Enterprise policy, and block outbound connections to 144.126.135[.]238.

Ransomware Ecosystem: Elevated Q1 2026 Activity, Emerging Group “The Gentlemen,” and BYOVD EDR Killer Proliferation

GuidePoint Security’s Q1 2026 ransomware report documents elevated victim posting activity with manufacturing and construction sectors disproportionately targeted. An emerging threat group designated “The Gentlemen” is tracked with limited current intelligence; IOCs and TTPs are pending primary report publication. The tactical trend toward exfiltration-first extortion — stealing data before or without encryption — means encryption-based detection alone is insufficient; organizations must prioritize egress monitoring and DLP coverage. Storm-1175, the access broker and initial-access-as-a-service operation associated with rapid Medusa ransomware deployment, is actively targeting healthcare, education, finance, and professional services with a documented 24-hour exploitation-to-encryption timeline.

The BYOVD (Bring Your Own Vulnerable Driver) ecosystem has expanded materially, with new EDR killer tooling increasing accessibility for lower-tier threat actors. The attack chain loads a signed but vulnerable kernel driver to perform direct kernel object manipulation (DKOM), terminating or blinding EDR agents before ransomware deployment. Microsoft’s Vulnerable Driver Blocklist provides the primary mitigation, but enforcement is not guaranteed by default system state and must be explicitly verified. Hypervisor-Protected Code Integrity (HVCI) is the most effective technical countermeasure but requires hardware compatibility verification.

Detection for BYOVD requires multi-layer coverage: Sysmon Event ID 6 (kernel driver loaded), Windows Security Event ID 7045 (new service installed), and EDR self-health or heartbeat monitoring are the primary signals. Loss of EDR telemetry from a previously reporting endpoint during a suspicious activity window is itself a high-fidelity indicator of impairment. Reference loldrivers.io for the community-maintained vulnerable driver hash database.

ShinyHunters Active on Multiple Fronts: Salesforce Misconfiguration at McGraw-Hill, Anodot/Snowflake Supply Chain Breach

ShinyHunters continued active operations this week on two disclosed fronts. In the McGraw-Hill incident, the group exploited Salesforce platform misconfigurations — specifically overly permissive guest user profiles, public sharing rules, and object permissions — to exfiltrate customer and business data, setting an April 14 extortion deadline. The breach does not involve a Salesforce software vulnerability; it exploits configuration gaps that are common across Salesforce deployments and require manual audit to identify.

In the Anodot/Rockstar Games incident, ShinyHunters compromised Anodot’s SaaS analytics platform, obtaining tokens that granted access to the victim’s Snowflake environment, Amazon S3 buckets, Amazon Kinesis streams, and Zendesk support instance. Analytics data from Rockstar Games (GTA Online, Red Dead Online) was subsequently leaked. The attack demonstrates the downstream blast radius of SaaS-to-SaaS credential relationships: a compromise of a third-party analytics tool cascaded into exposure of a major cloud data platform and game telemetry.

Both incidents reinforce the same control pattern: SaaS platforms with excessive permissions held by third-party integrators, without time-limited credentials, periodic access review, or anomaly monitoring. Organizations using Salesforce should immediately execute a Health Check and Security Score audit in their org. Organizations using Anodot or similar third-party analytics integrators should audit all tokens and rotate affected Snowflake, S3, and Kinesis credentials. Review the Salesforce advisory at status.salesforce.com/generalmessages/20000244 (verify URL resolves before implementation). MITRE: T1213, T1530, T1528, T1199, T1567.002.

NIST NVD Triage Policy Change Creates Structural Gap in Vulnerability Intelligence

NIST’s National Vulnerability Database implemented a triage policy change effective approximately April 15, 2026, designating a significant portion of non-KEV CVEs as “Not Scheduled” — meaning they will not receive CVSS scores, CWE classifications, or CPE enrichment under the new policy. This creates a structural gap for organizations whose vulnerability management pipelines depend on NVD as a primary or sole enrichment source. CVEs lacking CVSS scores may be silently deprioritized by automated risk-scoring tools, creating blind spots in patch prioritization precisely for vulnerabilities that fall outside the KEV perimeter but may still be exploitable.

The operational impact is measurable: any scanner, SIEM enrichment job, SOAR playbook, or risk-scoring model that queries NVD APIs and receives null fields for “Not Scheduled” CVEs will systematically under-weight those vulnerabilities. Organizations should audit their vulnerability management pipeline for NVD API dependencies, cross-reference against CVEs returning “Not Scheduled” status, and integrate at least one alternative enrichment source — OSV.dev provides broad open-source ecosystem coverage, and vendor-direct OVAL and SBOM feeds provide authoritative data for specific product lines.

This governance change arrives at a particularly inopportune moment given concurrent CISA capacity reductions during the government shutdown. Security teams should document this dual reduction in federal advisory throughput as a control gap in their risk register and elevate supplementary intelligence sourcing from sector ISACs (E-ISAC, WaterISAC, FS-ISAC) and allied national CERTs (NCSC-UK, ACSC).

Apache ActiveMQ Jolokia RCE Exploited (CVE-2026-34197); HashiCorp Vault Dual Vulnerabilities; Cisco Critical Patches

Apache ActiveMQ’s Jolokia HTTP API endpoint has been under active exploitation via CVE-2026-34197 (CVSS 9.5), with a 13-year-old attack surface now weaponized. On ActiveMQ 6.0.0-6.1.1, CVE-2024-32114 (unauthenticated API access) chains with CVE-2026-34197 to enable pre-authentication RCE — no credentials required. Immediate mitigation is to block external access to the Jolokia endpoint (default port 8161, paths /api/jolokia and /jolokia) and upgrade to ActiveMQ 5.19.4 or 6.2.2. The Jolokia API has been a documented attack surface since 2013; the recurrence demonstrates that legacy management plane exposure persists across major version cycles.

HashiCorp Vault this week received two concurrent security advisories: CVE-2026-4525 (CVSS 7.5), in which auth mounts configured to pass through the Authorization header expose Vault tokens to downstream plugin backends; and CVE-2026-3605 (CVSS 8.1), in which authenticated users with glob-pattern KVv2 policies can delete secrets outside their explicit policy scope. Both affect Vault Community Edition below 2.0.0 and Vault Enterprise below version-branch-specific patch levels. Fixed versions are 2.0.0, 1.21.5, 1.20.10, and 1.19.16. For organizations using HashiCorp Vault as a secrets management backbone, both vulnerabilities represent meaningful risk to secrets integrity and confidentiality.

Cisco patched four critical vulnerabilities in ISE and Webex this week, including CVE-2026-20184 (SAML certificate validation bypass enabling impersonation, CVSS 9.5). A critical non-obvious aspect of the Webex SAML fix: Cisco’s server-side patch is necessary but not sufficient — customers must also manually upload a new SAML certificate via Cisco Control Hub. Failure to complete this manual step leaves the vulnerability exploitable despite patch application. Cisco ISE also received a command injection vulnerability (CVE-2026-20180) requiring patch application and network segmentation review.

AI Voice Phishing Platform ATHR Automates End-to-End Vishing; W3LL PhaaS Infrastructure Dismantled

A new Crime-as-a-Service platform designated ATHR has been identified that automates end-to-end vishing (voice phishing) attacks using AI voice agents capable of impersonating customer support staff for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL. The platform automates the full attack chain: identifying targets, generating personalized lures, conducting synthetic voice calls, and harvesting MFA codes and session tokens. The targeting of cryptocurrency platform account holders is consistent with established financial crime patterns, but the automation and realism enabled by AI voice synthesis significantly expands the threat surface beyond what human-operated social engineering campaigns can achieve at scale.

Separately, law enforcement dismantled the W3LL Phishing-as-a-Service platform after attribution to over $20M in BEC fraud attempts against 17,000+ Microsoft 365 targets. W3LL was notable for its adversary-in-the-middle (AiTM) phishing capability that bypassed standard TOTP-based MFA by relaying credentials and session tokens in real time. The takedown disrupts this specific infrastructure but does not address the underlying AiTM capability, which is increasingly commoditized across multiple phishing platforms. Organizations relying on push-based or TOTP MFA for Microsoft 365 should treat this as an ongoing exposure rather than a resolved threat — only phishing-resistant MFA (FIDO2/hardware keys, certificate-based authentication) provides meaningful protection against AiTM attacks.

Employee awareness programs should be updated to include AI voice call impersonation scenarios. Security policy should clarify that no legitimate service provider will request MFA codes or credentials verbally. Enforce phishing-resistant MFA (CIS v8 6.3, 6.4, 6.5) and Microsoft Entra ID Conditional Access policies requiring compliant devices and blocking legacy authentication protocols.

CISA KEV & Critical CVE Table

CVE Product CVSS EPSS Exploitation Status KEV Deadline Description
CVE-2026-33825 (BlueHammer) Microsoft Windows Defender / Windows 10, 11, Server 2019+ 9.5 0.04% / 12.2th pct Active exploitation confirmed CISA KEV (no federal deadline published) Windows Defender LPE zero-day; April 2026 Patch Tuesday addresses this CVE. Two additional unpatched LPE zero-days (RedSun, UnDefend) under active exploitation with no patch available.
CVE-2026-27174 MajorDoMo (Major Domestic Module) 9.8 51.6% / 97.9th pct CISA KEV; active exploitation CISA KEV (no date published in source data) Unauthenticated PHP code injection via admin panel console feature. GET /admin.php?ajax_panel=1&op=console&command= exploitation path.
CVE-2026-27175 MajorDoMo (Major Domestic Module) 9.8 25.2% / 96.2th pct CISA KEV; active exploitation CISA KEV (no date published in source data) Unauthenticated OS command injection via rc/index.php $param parameter and cycle_execs.php chained execution.
CVE-2026-32201 Microsoft SharePoint Server 7.5 0% (not scored) CISA KEV; active exploitation confirmed 2026-04-28 Improper input validation vulnerability in SharePoint Server. Align with T1078, T1566, T1199 TTPs.
CVE-2026-21643 Fortinet FortiClient EMS 7.4.4 and 7.x 9.8 13.7% / 94.3th pct CISA KEV; active exploitation 2026-04-16 (PAST) Critical SQL injection in FortiClient EMS management interface enabling remote code execution. Patch immediately if not already applied.
CVE-2026-33032 nginxui nginx_ui <= 2.3.5 9.8 0.06% / 18.9th pct CISA KEV; active exploitation CISA KEV (no date in source data) Missing authentication on MCP endpoint (/mcp_message) allows complete Nginx service takeover without credentials. No patch available; block endpoint at perimeter immediately.
CVE-2026-34621 Adobe Acrobat and Reader 8.8 0.04% / 11.4th pct CISA KEV; active exploitation 2026-04-27 Prototype pollution vulnerability enabling arbitrary code execution. Apply Adobe APSB26-43. Alert on unexpected child processes from AcroRd32.exe/Acrobat.exe.
CVE-2026-30623 Anthropic Model Context Protocol (MCP), all pre-patch implementations 9.0 0% (not scored) Not actively exploited (confirmed vulnerability, patch pending) Not on KEV Architectural vulnerability in MCP tool invocation / context-passing mechanism. 150M+ cumulative downloads. Apply vendor patch when released.
CVE-2026-34197 Apache ActiveMQ Classic < 5.19.4 and 6.0.0–6.2.1 9.5 6.2% / 90.9th pct Active exploitation confirmed Not on KEV (as of report date) Jolokia API RCE; chains with CVE-2024-32114 for pre-auth RCE on 6.0.0–6.1.1. Block /api/jolokia and upgrade immediately.
CVE-2026-20184 / CVE-2026-20147 / CVE-2026-20180 / CVE-2026-20186 Cisco Webex (SSO) and Cisco ISE 9.5 (highest) 0.05% / 15.7th pct Not actively exploited (critical severity, manual remediation required) Not on KEV SAML certificate validation bypass (CVE-2026-20184) requires manual Control Hub certificate upload in addition to server-side patch. ISE OS command injection (CVE-2026-20180). Apply Cisco PSIRT advisories.
GHSA-xq3m-2v4x-88gg (no CVE assigned at publication) protobufjs (protobuf.js) < 7.5.4 9.5 0% (not scored) Public PoC available; active exploitation not yet confirmed Not on KEV RCE via unsafe Function() constructor; public PoC elevates exploitation risk significantly. Upgrade to 7.5.4 on 7.x branch immediately.
CVE-2026-4525 HashiCorp Vault and Vault Enterprise 7.5 0.02% / 2.9th pct Not actively exploited Not on KEV Auth mount Authorization header pass-through exposes Vault tokens to plugin backends. Fixed in 2.0.0, 1.21.5, 1.20.10, 1.19.16.
CVE-2026-3605 HashiCorp Vault Community Edition < 2.0.0; Enterprise < various 8.1 0.01% / 1.7th pct Not actively exploited Not on KEV Authenticated user with glob KVv2 policy can delete secrets outside explicit policy scope. Same patch versions as CVE-2026-4525.
CVE-2026-5726 Delta Electronics ASDA-Soft < v7.2.6.0 7.8 0.005% / 0.3th pct Not actively exploited Not on KEV Stack-based buffer overflow enabling ACE via malicious project file (T1204.002). Upgrade to v7.2.6.0.
CVE-2026-20929 Microsoft Windows Kerberos / AD CS Web Enrollment 7.5 0.05% / 13.5th pct Not actively exploited Not on KEV Kerberos relay via DNS CNAME bypasses NTLM mitigations; enables certificate-based persistence. January 2026 Patch Tuesday. Apply EPA to /certsrv endpoint.
CVE-2026-5194 wolfSSL < 5.9.1 (embedded systems, IoT, ICS, routers) 9.5 0.04% / 10.4th pct Not actively exploited (widely deployed, high potential impact) Not on KEV Cryptographic bypass enables certificate forgery across ~5B devices using wolfSSL for TLS. Upgrade to 5.9.1 released April 8, 2026.
CVE-2026-40192 Pillow (PyPI) — FITS GZIP decompression 5.5 0% (not scored) Not actively exploited Not on KEV Decompression bomb via FITS GZIP input can exhaust system memory (DoS). Check GHSA-whj4-6x5x-4v2j for patched version.
CVE-2026-40175 axios (npm) 9.1 0.24% / 47.0th pct Not actively exploited (SSRF to IMDS credential exfiltration pattern) Not on KEV Header injection chain enables unrestricted cloud metadata (IMDS) exfiltration. Upgrade axios; enforce IMDSv2 on all EC2 instances.
CVE-2025-60710 Windows 11, Windows Server 2025 7.5 18.2% / 95.2th pct Confirmed exploited (5 months post-patch) Not on KEV (as of report date) Windows Task Host LPE via Services File Permissions Weakness. Patch via November 2025 Patch Tuesday. EPSS at 95th percentile confirms active exploitation cohort.
CVE-2026-39987 Marimo Python Notebook 9.8 2.7% / 85.9th pct Exploited within 10 hours of disclosure Not on KEV RCE in Marimo open-source reactive Python notebook; unauthenticated if internet-facing. Take offline or block external access immediately; upgrade to patched version.
CVE-2026-33634 Trivy (Aqua Security vulnerability scanner) 9.5 21.2% / 95.7th pct Active exploitation confirmed (supply chain) Not on KEV Supply chain compromise of Trivy scanner during March 2026; see GHSA-69fq-xp46-6×23 for IOCs. Upgrade to clean version; rotate all credentials accessible to affected instances.
CVE-2026-33825 (BlueHammer) Microsoft Windows Defender 9.5 0.04% / 12.2th pct Active (CISA KEV) CISA KEV (no date in source) See above — listed again for completeness in KEV section. April 2026 Patch Tuesday.

Supply Chain & Developer Tool Threats

Axios npm Package — DPRK STARDUST CHOLLIMA (Priority: Critical)

Confirmed nation-state supply chain compromise of the Axios npm package via stolen maintainer credentials, deploying ZshBucket cross-platform malware with SILKBELL forensic cleanup. All projects using Axios installed or updated around March 31, 2026 are potentially affected. Reimage systems confirmed to have executed the trojanized package. Obtain confirmed IOCs from the CrowdStrike advisory and Snyk advisory. Detection: npm postinstall scripts spawning PowerShell (Windows), Python (Linux), or osascript (macOS) from a legitimate HTTP library are abnormal; alert on this pattern.

Trivy Vulnerability Scanner — Supply Chain Compromise (CVE-2026-33634)

Aqua Security’s Trivy container vulnerability scanner was confirmed compromised during March 2026, with CVSS 9.5 and EPSS at the 95.7th percentile indicating active exploitation. Security scanning infrastructure is a high-value supply chain target because it typically runs with elevated permissions, accesses secrets and credential stores, and executes during every build cycle. Reference GHSA-69fq-xp46-6×23 for confirmed IOC hashes, C2 infrastructure, and affected version ranges. Upgrade immediately and rotate all credentials accessible to Trivy-executing pipelines.

EssentialPlugin WordPress Suite — Plugin Acquisition Attack

30+ WordPress plugins compromised via supplier acquisition. Blockchain-based C2 (Ethereum JSON-RPC) evades traditional domain blocking. WordPress.org forced update does not complete wp-config.php remediation — manual inspection required on every affected installation. Detection must be server-side with Googlebot user-agent simulation; browser inspection will not reveal the payload.

Dependabot and Renovate — Automated Dependency Tool Abuse

Typosquatted malicious packages introduced via automated dependency update PRs with auto-merge enabled. Disable auto-merge on all bot PRs immediately. Enforce minimum-age policy (7 days) for new package versions. Cross-reference all bot-proposed packages against OSV.dev. Behavioral indicators: unexpected outbound network connections during dependency installation steps; scripts not present in prior build runs executing in CI/CD workers.

108 Malicious Chrome Extensions — OAuth2 and Session Token Harvesting

Coordinated campaign of 108 Chrome extensions sharing C2 at 144.126.135[.]238. Targets: Google OAuth2 tokens, Telegram session cookies, YouTube and TikTok account credentials. Extension names designed to mimic legitimate productivity tools. Mitigation: audit installed extensions via Chrome Enterprise, enforce an extension allowlist policy, block C2 IP (verify against primary TI before production deployment), revoke unauthorized OAuth2 grants via Google Admin Console.

Checkmarx GitHub Actions — CI/CD Pipeline Supply Chain

Checkmarx GitHub Actions workflows were identified in the broader Axios/Trivy supply chain compromise cluster as pulling compromised dependencies. Organizations using Checkmarx actions in GitHub pipelines should audit workflow versions and validate no compromised package versions were executed. Review all CI/CD runners that executed affected workflows.

protobuf.js RCE via Unsafe Function() Constructor (GHSA-xq3m-2v4x-88gg)

Public PoC available for critical RCE in protobuf.js affecting 7.x below 7.5.4. The vulnerability exploits unsafe use of the Function() constructor during schema parsing, enabling arbitrary code execution when an application processes untrusted schema input. Organizations accepting protobuf schemas from external inputs are at direct exploitation risk. Upgrade to 7.5.4 immediately; restrict schema ingestion from untrusted sources as a compensating control.

Axios SSRF Header Injection (CVE-2026-40175) — IMDS Credential Exfiltration

Separate from the DPRK supply chain compromise, CVE-2026-40175 in axios enables SSRF via header injection to cloud instance metadata services (IMDS), exposing IAM role credentials in AWS environments not enforcing IMDSv2. Enforce IMDSv2 on all EC2 instances as an immediate compensating control regardless of axios patch status. Monitor VPC Flow Logs for outbound connections to 169.254.169.254 from application subnets.

Nation-State & APT Activity Summary

North Korea — STARDUST CHOLLIMA (BlueNoroff Cluster)

Attribution: High confidence (CrowdStrike attribution). Target Sectors: Fintech, cryptocurrency, Node.js developer ecosystem broadly. Campaign: Axios npm package trojanization via stolen maintainer credentials. Deployed ZshBucket cross-platform backdoor with SILKBELL forensic cleanup. C2 uses JSON-based HTTP communication to STARDUST CHOLLIMA infrastructure (specific IOCs in CrowdStrike advisory). TTPs: T1195.001, T1195.002, T1078, T1027, T1071.001, T1059.001/006/002, T1543, T1041, T1070. Status: Active. Trojanized packages potentially still installed in environments that have not audited. Reimage confirmed-compromised systems.

Iran — Multiple Clusters (Cyber Av3ngers / Storm-0784 / IRGC-affiliated)

Attribution: Medium-high confidence per CISA advisory AA26-097A and previous CISA AA23-335A (Unitronics). Target Sectors: US critical infrastructure — energy, utilities, food processing, financial services, water. Campaigns (two distinct):

  • ICS/OT Pivot Post-Operation Epic Fury: Targeting Rockwell Automation FactoryTalk and Allen-Bradley PLCs; also targeting Palo Alto Cortex XDR/XSIAM/Xpanse/NGFW management interfaces. TTPs: T1078, T1133, T0843, T0816, T1562, T1219, T1498. Initial access via satellite (VSAT/Starlink) IP ranges; spearphishing targeting OT operators.
  • ZionSiphon ICS Malware: Active campaign against Israeli water infrastructure using Modbus/DNP3/S7comm protocol manipulation. Capable of unauthorized parameter modification (chemical dosing setpoints). Current logic flaw prevents reliable execution; assess as imminent fix risk. TTPs: T0831, T0836, T0843, T0855, T0856, T1547.009, T1091, T1565.002. Reference: Darktrace ZionSiphon analysis.

China — APT41

Attribution: Medium confidence (no confirmed primary source with IOC-level detail). Target Sectors: Multi-sector; specific targeting of AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud credentials. TTPs: T1078, T1078.004, T1528, T1530, T1552.005, T1550.001, T1568, T1583.001, T1556. C2 via typosquatted domains mimicking cloud service endpoints (specific domains unconfirmed). Status: Active; IOC-level data requires primary intelligence source confirmation. Monitor DNS for typosquatted cloud service domains; audit cloud IAM credentials for anomalous API activity. Subscribe to Palo Alto Unit 42 at https://unit42.paloaltonetworks.com/.

Ukraine — UAC-0247 (AgingFly)

Attribution: CERT-UA attribution. Target Sectors: Ukrainian government, healthcare, defense-affiliated organizations; techniques applicable to any Windows environment. TTPs: T1566.002 (spearphishing link initial access), T1620 (reflective code loading), T1027.010 (command obfuscation), T1059.001/003 (PowerShell/cmd execution), T1547.001 (registry run key persistence), T1555.003 (Chrome/Edge/Firefox credential harvesting), T1539 (session cookie theft from WhatsApp for Windows), T1572 (protocol tunneling C2). Unique capability: Runtime code compilation via csc.exe/MSBuild.exe — evades static signature detection. Alert on .NET compiler processes spawned by unexpected parents. Obtain confirmed IOCs directly from CERT-UA advisory; T3 source IOCs require verification before operational deployment.

Phishing & Social Engineering Alert

ATHR Platform — AI-Automated Vishing at Scale

Targets: Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, AOL account holders.
Attack Characteristics: Fully automated AI voice agent calls impersonating platform support staff. Harvests MFA codes (T1621), session cookies (T1539), and account credentials. Caller ID spoofed to match platform support numbers. Follows initial data enrichment from stealer logs or purchased credentials.
Evasion: No static IOCs. CaaS (Crime-as-a-Service) with dynamic infrastructure. Voice quality sufficient to defeat human voice-verification controls.
Detection: Telephony log review for calls spoofing platform support numbers. Authentication logs for MFA push floods or OTP request spikes following inbound call events. New session tokens from unexpected IPs or devices after a reported suspicious call.
Mitigation: Enforce phishing-resistant MFA (FIDO2) on all corporate accounts on targeted platforms. Update security awareness training to explicitly address AI voice impersonation. Policy: no employee should ever verbally confirm MFA codes or credentials regardless of call urgency or apparent caller legitimacy.

Booking.com Data Breach — Downstream Phishing Exposure

Affected: Booking.com customers with exposed reservation data including travel details and personal information.
Attack Characteristics: Exposed reservation data (confirmation numbers, itinerary details, contact information) enables highly convincing spearphishing lures referencing real booking information. Threat actors impersonate Booking.com support or send fake confirmation/cancellation emails. T1598.003, T1566.002, T1659 (content injection into legitimate-appearing reservation communications).
Detection: Email gateway rules for inbound messages containing Booking.com branding with external links. Monitor for lookalike sender domains. Flag reservation-confirmation-themed emails from external senders as requiring manual link verification.
Mitigation: Instruct employees not to click links in reservation-related emails; verify changes directly via the Booking.com app or website. Corporate travel booking accounts should use organization email addresses not publicly associated with travel; enforce MFA.

W3LL PhaaS / AiTM Microsoft 365 Phishing

Platform: W3LL infrastructure dismantled; capability pattern persists across multiple platforms.
Attack Characteristics: Adversary-in-the-Middle phishing proxies relay Microsoft 365 credentials and session tokens in real time, bypassing standard TOTP/push MFA. Targets finance, executive, and IT admin accounts via spearphishing link delivery. Creates inbox forwarding rules (T1114.003) for persistent email collection post-compromise.
Detection: Microsoft Entra ID Sign-in logs: token refresh events with no corresponding interactive login; impossible travel indicators; concurrent sessions from geographic outliers. Unified Audit Log: New-InboxRule/Set-InboxRule events following anomalous authentication. Microsoft Defender for Office 365: suspicious inbox manipulation alerts.
Mitigation: Deploy phishing-resistant MFA (FIDO2/hardware keys) for all M365 accounts — this is the only technical control that fully mitigates AiTM. Enforce Conditional Access requiring compliant devices and blocking legacy authentication protocols. Implement Microsoft Entra ID token protection (device binding).

Lumma Stealer + SectopRAT Multi-Payload MaaS Campaign

Delivery: Phishing links and malicious files (T1204.001, T1204.002) targeting Windows endpoints.
Attack Characteristics: Lumma Stealer targets Chrome/Edge/Firefox credential stores, cryptocurrency wallets, and 2FA browser extensions. SectopRAT (ArechClient2) provides remote access channel post-infection. DLL side-loading (T1574.002) and autorun persistence (T1547). Lumma infrastructure partially reconstituted after May 2025 law enforcement disruption.
Detection: EDR: browser process-targeted file access to Chrome User Data, Firefox profiles. PowerShell script block logging for encoded commands. Registry run key creation by non-administrative processes. DNS/proxy: outbound to newly registered or low-reputation domains from browser processes.
Mitigation: Enforce application allowlisting. Disable browser-native credential storage; enforce dedicated password manager. Deploy phishing-resistant MFA. Update anti-phishing training to address fake software and document delivery lures.

Indicators of Compromise

Campaign / Story IOC Type Value Confidence Context
STARDUST CHOLLIMA / Axios Trojan URL (Advisory) https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/ High Primary source for confirmed ZshBucket binary hashes and STARDUST CHOLLIMA C2 infrastructure domains. Obtain IOCs directly from this advisory.
STARDUST CHOLLIMA / Axios Trojan URL (Advisory) https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/ High Snyk advisory with affected version identifiers and npm package integrity guidance.
Malicious Chrome Extensions Campaign IP (C2) 144.126.135[.]238 Medium Attacker-controlled C2 server shared across all 108 malicious Chrome extensions. Destination for exfiltrated OAuth2 tokens and Telegram session cookies. Verify against primary TI before production blocking.
EssentialPlugin WordPress Backdoor File Path (Masquerading) wp-comments-posts.php (anomalous location outside WordPress core) Medium T1036.005 masquerading file used as part of infection chain. Legitimate WordPress does not include this filename outside core structure in unexpected directories.
EssentialPlugin WordPress Backdoor Domain / Service (C2 Mechanism) Ethereum JSON-RPC endpoints (e.g., infura.io public nodes) Medium Blockchain RPC calls from web server processes to Ethereum nodes are anomalous. Indicates active backdoor C2 communication (T1102). Block web server process outbound to RPC endpoints.
MajorDoMo CVE-2026-27174 RCE URL Pattern (Exploitation) /admin.php?ajax_panel=1&op=console&command=<payload> High GET request pattern triggering unauthenticated RCE via PHP console ajax handler. Note: 302 redirect response does not indicate failed exploitation.
Apache ActiveMQ Jolokia RCE URL Pattern (Exploitation) /api/jolokia (HTTP POST/GET with exec or write operations) High Jolokia API abuse path for CVE-2026-34197. Monitor ActiveMQ access logs on port 8161 for these request patterns.
Apache ActiveMQ Jolokia RCE URL Pattern (Exploitation) /jolokia (alternate path) High Alternate Jolokia endpoint path — same detection logic applies.
Axios SSRF (CVE-2026-40175) IP (IMDS Target) 169.254.169.254 High AWS IMDSv1 instance metadata endpoint. Outbound requests from application processes to this IP are primary SSRF exploitation indicators.
Axios SSRF (CVE-2026-40175) URL (IMDS Path) http://169.254.169.254/latest/meta-data/iam/security-credentials/ High IMDS path targeted to retrieve IAM role credentials via SSRF exploitation.
Axios SSRF (CVE-2026-40175) URL (IMDS Path) http://169.254.169.254/latest/dynamic/instance-identity/document Medium IMDS path for instance identity and region data. Commonly retrieved alongside credentials in SSRF attacks.
Vercel Breach (Context.ai) Domain (Initial Access Vector) context.ai Medium Third-party AI platform identified as initial access vector via OAuth compromise. Treat all integrations with this service as potentially compromised. Revoke OAuth grants immediately.
ZionSiphon ICS Malware URL (Analysis) https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems High Primary technical analysis source containing YARA rules, IOC hashes, and binary analysis. Obtain operational IOCs directly from this source.
Iranian ICS Campaign (Rockwell PLCs) URL (CISA Advisory) https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a High CISA advisory AA26-097A — primary source for campaign IOCs, affected configurations, and mitigation guidance.
Trivy Supply Chain Compromise URL (Advisory) https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6×23 High Aqua Security official security advisory for Trivy compromise. Primary source for IOC hashes, affected versions, and C2 indicators.
Trivy / Axios / OpenAI Cert Campaign (CVE-2026-33634) URL (NVD) https://nvd.nist.gov/vuln/detail/CVE-2026-33634 High NVD entry for CVE-2026-33634 (CVSS 9.5). Cross-validate affected version ranges and supplemental IOC data here.
ShinyHunters / Anodot / Snowflake URL (Source Reporting) https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/ High BleepingComputer reporting on ShinyHunters Anodot/Rockstar campaign. No malicious IOC — source article.
AgingFly / UAC-0247 Hash / Domain [Pending CERT-UA advisory confirmation] Low C2 infrastructure and binary hashes not independently verified from T3 source. Retrieve directly from CERT-UA advisory before operationalizing.
Nexcorium Mirai Botnet Network Behavior Mirai C2 traffic on TCP ports 23, 2323, 7547, and custom high ports from IoT devices (TBK DVR, TP-Link, Huawei HG532) Medium Monitor abuse.ch Feodo Tracker and Spamhaus for current Nexcorium C2 blocklists. No specific IPs confirmed in source data.
Dragon Boss Adware / AV Killer Behavioral (Persistence) Scheduled task creation (Event ID 4698) + Defender exclusion modification (Event ID 5007) in close temporal proximity Medium High-confidence behavioral signal. No file hash IOCs confirmed in current sources.
Lumma Stealer + SectopRAT Hash / Domain Not available in source data — refer to Malpedia and VirusTotal Low Current IOCs available via Malpedia (https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma) and VirusTotal threat intelligence. Infrastructure rotates frequently.
Nginx UI MCP Missing Auth (CVE-2026-33032) URL Pattern /mcp_message (any HTTP method, any source) High Unauthenticated tool invocation endpoint. Any request to this path warrants immediate investigation and firewall action.

Helpful 5: High-Value Low-Effort Mitigations

1. Enforce IMDSv2 on All EC2 Instances — Block SSRF-to-Credentials Attack Path

Why: CVE-2026-40175 in axios and the broader pattern of SSRF attacks targeting AWS IMDS (169.254.169.254) enable attackers to steal IAM role credentials from any application running on EC2 with IMDSv1 accessible. This is a recurring exploitation path with multiple CVEs and active campaign activity this week.

How: In the AWS Console, navigate to EC2 > Instances > select instance > Actions > Instance Settings > Modify Instance Metadata Options. Set “IMDSv2” to “Required” and “HTTP Put Response Hop Limit” to 1. To enforce at scale via AWS CLI: aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required. Enforce via AWS Config rule ec2-imdsv2-check to audit compliance across the fleet. For new instances, set IMDSv2 as the default in launch templates and Auto Scaling groups.

Framework Alignment: NIST CSF PR.AC-5 (network integrity protection), NIST SP 800-53 SC-7 (Boundary Protection), CIS v8 13.4 (Perform Traffic Filtering Between Network Segments), MITRE T1552.005 mitigation.

2. Disable Auto-Merge on All Dependabot and Renovate Pull Requests

Why: This week’s campaign exploiting Dependabot and Renovate as malware delivery vectors requires auto-merge to be enabled to succeed without human review. Disabling auto-merge is a single configuration change that eliminates the automated attack path entirely while preserving the workflow value of automated dependency proposals.

How: GitHub: Navigate to each repository > Settings > Branches > Branch Protection Rules > disable “Allow auto-merge.” Apply via GitHub API at scale: PATCH /repos/{owner}/{repo} with "allow_auto_merge": false. Renovate: Set "automerge": false in renovate.json. Add CODEOWNERS rules requiring at least one human reviewer for any PR that modifies package.json, requirements.txt, go.mod, or equivalent dependency manifests. Audit auto-merge status across all repositories using the GitHub GraphQL API.

Framework Alignment: NIST SP 800-53 CM-3 (Configuration Change Control), CM-7 (Least Functionality), SI-7 (Software Integrity), CIS v8 2.5 (Allowlist Authorized Software), 2.6 (Allowlist Authorized Libraries), MITRE T1195.001 mitigation.

3. Audit and Rotate All Vercel Environment Variables — Treat as Compromised

Why: The Vercel breach disclosed this week exposed customer environment variables including API keys, database connection strings, OAuth credentials, and CI/CD secrets. The specific scope of exposure is not yet confirmed by Vercel, but the breach mechanism (OAuth-based access to internal systems) potentially exposed secrets across customer projects. Waiting for official Vercel disclosure before rotating is a risk acceptance decision that should be made explicitly, not by default.

How: Log in to the Vercel dashboard. Navigate to each project > Settings > Environment Variables. Document and then rotate every stored value, prioritizing: database connection strings, OAuth client secrets, API keys for downstream services (Supabase, Datadog, Authkit, payment processors), npm tokens, GitHub PATs, and cloud provider credentials. After rotation, verify all dependent pipelines function correctly in staging before production promotion. Enable Vercel audit log alerting for environment variable access events. Migrate sensitive secrets to a dedicated secrets management solution (HashiCorp Vault, AWS Secrets Manager, or equivalent) — platform environment variables should not be the primary secrets store.

Framework Alignment: NIST SP 800-53 AC-2, AC-6, IA-5 (Authenticator Management), SA-9 (External System Services), SR-3 (Supply Chain Controls), CIS v8 5.2, 6.3, 15.1, MITRE T1552 mitigation.

4. Deploy and Verify Microsoft Vulnerable Driver Blocklist Enforcement (WDAC) to Counter BYOVD EDR Killers

Why: The BYOVD ecosystem expansion this week — combined with Windows Defender LPE zero-days (RedSun, UnDefend) actively used to blind EDR before ransomware deployment — demonstrates that endpoint protection alone is insufficient without kernel integrity enforcement. The Vulnerable Driver Blocklist prevents the signed-but-vulnerable driver loading that enables DKOM-based EDR termination.

How: Verify current enforcement state: Get-MpPreference | Select-Object -Property IsvControlledFolderAccessAllowedApplications is insufficient — WDAC enforcement must be explicitly verified via Get-CIPolicy or Group Policy audit. Download the current Microsoft Vulnerable Driver Blocklist from the Microsoft documentation portal. Deploy via Windows Defender Application Control (WDAC) policy — the blocklist is embedded in recent Windows updates but enforcement requires WDAC policy to be active. Enable HVCI (Hypervisor-Protected Code Integrity) on all eligible hardware: System Information > Virtualization-based security: Running. For ineligible hardware, prioritize WDAC blocklist enforcement as the next-best control. Cross-reference loaded drivers against loldrivers.io using EDR telemetry or PowerShell: Get-WinEvent -LogName "Microsoft-Windows-CodeIntegrity/Operational".

Framework Alignment: NIST SP 800-53 SI-2 (Flaw Remediation), SI-3 (Malicious Code Protection), SI-7 (Software Integrity), AC-3 (Access Enforcement), CIS v8 5.4 (Restrict Administrator Privileges), MITRE T1562.001 and T1068 mitigation.

5. Enable and Alert on Windows Defender Exclusion Modification Events (Event ID 5007)

Why: Dragon Boss adware’s evolution into an AV killer — and the broader pattern of malware adding Defender exclusions before deploying secondary payloads — represents an exploitable gap in organizations that monitor process execution but not Defender configuration changes. Exclusion modification is a documented pre-ransomware behavior (T1562.001) that precedes payload execution in multiple current campaigns. This detection requires only log forwarding configuration that most organizations have infrastructure to implement immediately.

How: Ensure Microsoft-Windows-Windows Defender/Operational log is forwarded to your SIEM. Create a detection rule alerting on Event ID 5007 (Defender configuration changed) where the change event includes the keyword “ExclusionPath,” “ExclusionProcess,” or “ExclusionExtension.” Correlate with Event ID 4698 (scheduled task created) — a task creation event within 5 minutes of a Defender exclusion modification from the same host is a high-confidence composite indicator. Also alert on PowerShell Script Block logging (Event ID 4104) containing Add-MpPreference -ExclusionPath or Set-MpPreference with exclusion parameters. Tune to exclude known-good software deployment tools (e.g., legitimate AV management platforms) using process path and signed binary allowlisting.

Framework Alignment: NIST SP 800-53 CA-7 (Continuous Monitoring), SI-4 (System Monitoring), SI-3 (Malicious Code Protection), CIS v8 8.2 (Collect Audit Logs), MITRE T1562.001 detection, NIST CSF DE.CM.

Framework Alignment Matrix

Threat MITRE Tactic MITRE Technique NIST 800-53 Controls CIS v8 Controls
DPRK Axios npm Trojan (ZshBucket) Initial Access, Execution, Defense Evasion, Exfiltration T1195.001, T1195.002, T1059.001/006/002, T1041, T1027, T1070 SR-3, SR-2, SI-7, SI-3, CM-7, AC-6 2.5, 2.6, 15.1, 6.3
Vercel Breach / Context.ai OAuth Compromise Initial Access, Credential Access, Collection, Defense Evasion T1199, T1528, T1530, T1550.001, T1566, T1078.004, T1195.002 AC-2, AC-6, IA-2, IA-5, SA-9, SR-3, SC-28 6.3, 6.4, 6.5, 5.2, 15.1
Windows Defender LPE Zero-Days (RedSun, UnDefend, CVE-2026-33825) Privilege Escalation, Defense Evasion, Persistence T1068, T1562.001, T1543, T1078, T1203 AC-6, SI-2, CM-7, SI-3, SI-4, AC-3 5.4, 6.8, 7.3, 7.4, 6.1, 6.2
Iranian ICS/OT Targeting (Rockwell Automation PLCs) Initial Access, Impact, Defense Evasion, Persistence (ICS) T0883, T1133, T1078, T0816, T0831, T0843, T1562, T1219 AC-17, AC-20, SC-7, SI-4, IA-2, IA-5, CA-7, CM-6 6.1, 6.2, 6.3
ZionSiphon Water Infrastructure ICS Malware Impair Process Control, Impact, Defense Evasion (ICS) T0831, T0836, T0843, T0855, T0856, T1547.009, T1091, T1027 SI-3, SI-4, SC-13, AT-2, AC-3 6.1, 6.2, 14.2
MajorDoMo Unauthenticated RCE (CVE-2026-27174, CVE-2026-27175) Initial Access, Execution T1190, T1059.004, T1203 SC-7, SI-2, SI-10, IA-2, CM-7, RA-5 16.10, 6.3, 7.3, 7.4
Apache ActiveMQ Jolokia RCE (CVE-2026-34197) Initial Access, Execution, Lateral Movement, Exfiltration T1190, T1078.001, T1059, T1210, T1041 AC-17, AC-3, CM-7, IA-2, SC-7, SI-2, SI-10, CA-7 6.3, 16.10, 7.3, 7.4
protobuf.js RCE (GHSA-xq3m-2v4x-88gg) Initial Access, Execution, Lateral Movement T1195.001, T1190, T1059.007, T1210 CM-7, SA-9, SR-3, SI-7, RA-5, SI-2, SI-10 16.10, 7.3, 7.4
BYOVD EDR Killers (Dragon Boss + Ecosystem) Defense Evasion, Privilege Escalation, Persistence T1562.001, T1068, T1014, T1543.003, T1211 SI-2, SI-7, AC-6, SR-3, SA-9, AC-3, CP-9 5.4, 6.8, 6.1, 6.2, 8.2
Dependabot/Renovate Malware Delivery Initial Access, Execution, Persistence T1195.001, T1059, T1072, T1554 CM-3, CM-7, SI-3, SI-4, SI-7, SR-2, AT-2 2.5, 2.6, 14.2, 15.1
108 Malicious Chrome Extensions Credential Access, Collection, Persistence, Defense Evasion T1539, T1176, T1185, T1550.001, T1056.001 AC-3, SI-10, SR-2, SC-23 16.10, 6.1, 6.2, 6.3, 15.1
ATHR AI Vishing Platform Initial Access, Credential Access, Defense Evasion T1566.004, T1621, T1539, T1656, T1110 AT-2, IA-2, IA-5, AC-7, SI-8 6.3, 6.4, 6.5, 14.2
ShinyHunters Salesforce Misconfiguration Exploitation Initial Access, Collection, Exfiltration, Impact T1190, T1078, T1213, T1530, T1537, T1657 AC-2, AC-6, IA-2, CA-8, RA-5, SC-7, AC-3, SC-28 6.1, 6.2, 3.3
Cisco Webex SAML Bypass (CVE-2026-20184) Credential Access, Defense Evasion, Execution T1606.002, T1550.001, T1134, T1078, T1556.006 CM-7, IA-2, IA-5, SC-8, SC-17, IA-8, SI-10 3.10, 6.3, 6.4, 6.5, 2.5, 16.10
EssentialPlugin WordPress Supply Chain Initial Access, Command & Control, Defense Evasion T1195.002, T1195.001, T1102, T1071.001, T1036.005, T1027 CM-7, SA-9, SR-3, SI-7, SI-3, SI-4, CM-3 2.5, 2.6, 8.2
AgingFly Malware (UAC-0247) Execution, Defense Evasion, Persistence, Credential Access T1620, T1027.010, T1218, T1059.001/003, T1547.001, T1555.003, T1539 CA-7, SC-7, SI-4, SI-3, CM-7, SI-7, AC-6, AT-2 2.5, 2.6, 16.10, 6.3, 8.2
NIST NVD Triage Policy Gap Reconnaissance (adversary exploitation of reduced visibility) T1190, T1203, T1068 CA-8, RA-5, SI-2, SA-22 7.3, 7.4
HashiCorp Vault CVE-2026-4525 + CVE-2026-3605 Credential Access, Defense Evasion, Impact T1552.001, T1550.001, T1548, T1485 AC-6, CM-6, SC-13, IA-5 6.3, 5.4
Storm-1175 / Medusa Ransomware (Rapid Deployment) Initial Access, Execution, Exfiltration, Impact T1190, T1078, T1059, T1486, T1567, T1083 AC-2, IA-2, CM-7, SI-3, SI-4, CP-9, CP-10 7.3, 7.4

Upcoming Security Events & Deadlines

CISA KEV Remediation Deadlines (Within 30 Days)

  • 2026-04-16 (PAST — verify patch status immediately): CVE-2026-21643 — Fortinet FortiClient EMS Critical SQL Injection
  • 2026-04-27: CVE-2026-34621 — Adobe Acrobat and Reader Prototype Pollution RCE
  • 2026-04-28: CVE-2026-32201 — Microsoft SharePoint Server Improper Input Validation
  • Ongoing (no published date in source data): CVE-2026-27174, CVE-2026-27175 — MajorDoMo Unauthenticated RCE (CISA KEV confirmed)
  • Ongoing (no published date in source data): CVE-2026-33825 (BlueHammer) — Windows Defender LPE (CISA KEV confirmed)
  • Ongoing (no published date in source data): CVE-2026-33032 — Nginx UI MCP Missing Authentication (CISA KEV confirmed)

Vendor Patch and Certificate Deadlines

  • 2026-05-08: OpenAI certificate revocation deadline — All ChatGPT Desktop, Codex, Codex CLI, and Atlas macOS installations using pre-re-signed certificates will stop functioning. Verify all macOS endpoints running OpenAI applications have the current signed release installed before this date.
  • Ongoing — verify status: Microsoft Secure Boot certificate transition from Microsoft Windows Production CA 2011. Windows systems that have not received cumulative updates through April 2026 risk boot integrity validation loss. Verify via Windows Security app certificate status indicator.
  • Immediate action required: HashiCorp Vault CVE-2026-4525 and CVE-2026-3605 — patch to 2.0.0, 1.21.5, 1.20.10, or 1.19.16 per your branch.
  • Immediate action required: Apache ActiveMQ Classic — upgrade to 5.19.4 (5.x branch) or 6.2.2 (6.x branch).
  • Immediate action required: wolfSSL — upgrade to 5.9.1 (released April 8, 2026) for embedded, IoT, and ICS deployments.
  • Immediate action required: Delta Electronics ASDA-Soft — upgrade to v7.2.6.0.

Next Patch Tuesday

  • 2026-05-12: Next Microsoft Patch Tuesday. Given the Windows Server infrastructure issues introduced by April 2026 KB5082063 (LSASS crashes, BitLocker lockouts, silent install failures), begin testing the May cycle in staging environments no later than May 13. Monitor Microsoft’s Windows release health page for any out-of-band KB5082063 remediation before May Patch Tuesday.

Governance Deadlines

  • Active: CISA operating at reduced capacity during government shutdown. Supplement federal intelligence feeds with sector ISACs (E-ISAC, WaterISAC, FS-ISAC, H-ISAC) and allied CERTs (NCSC-UK, ACSC). Document reduced federal advisory throughput as a temporary control gap in your risk register. Subscribe to sector ISAC feeds if not already active.
  • Ongoing: NIST NVD triage policy change (effective approximately April 15, 2026) — audit vulnerability management pipeline for NVD API dependencies. Integrate OSV.dev or equivalent alternative enrichment source before the gap compounds into missed patch cycles.

Security Conference Dates

  • No security conference dates were confirmed in intelligence items processed this week. Monitor industry calendar sources for upcoming RSA Conference, DEF CON, Black Hat, and regional ISAC summit schedules.

Sources

Section 3 — Key Security Stories

Section 4 — CVE Table and Vulnerability Data

Section 5 — Supply Chain

Section 6 — Nation-State

Section 7 — Phishing and Social Engineering

Section 9 — Mitigations (Framework Sources)

Section 10 — Framework Alignment

Section 11 — Events and Deadlines

Author

Tech Jacks Solutions

Leave a comment

Your email address will not be published. Required fields are marked *